SSL/TLS handshake between client and server failed to complete.
openssl x509 -noout -modulus -in cert.pem | openssl md5 openssl rsa -noout -modulus -in key.pem | openssl md5
Both commands should output the same hash. If not, they're mismatched.
openssl s_client -connect example.com:443 -servername example.com
Read the output: a protocol alert means version/cipher config, a non-zero verify code means the certificate or chain, and the wrong certificate appearing means SNI routing.
ObserveOne performs a fresh TLS handshake from outside on every scheduled check, so the first failed handshake becomes an alert rather than a trend in your bounce rate.
Start Monitoring FreeThe browser cannot establish a secure SSL/TLS connection because the server and browser cannot agree on a protocol version or cipher suite.
Server and browser cannot agree on SSL/TLS protocol version or cipher suite.
SSL certificate is not signed by a trusted Certificate Authority.
SSL certificate has expired or is not yet valid.
Domain name doesn't match any domain in the SSL certificate.